GDPR Best practice from exsisting clients Result of thorough - - PowerPoint PPT Presentation

▶

Jun 06, 2023 274 likes •354 views

GDPR Best practice from exsisting clients Result of thorough investigation by big client (300.000+ employees): It is alright to order and use the Actee Company Hub at Actee considering that: Actee offers an Actee Terms of Subscription

SLIDE 1

GDPR Best practice from exsisting clients

Result of thorough investigation by big client (300.000+ employees): It is alright to order and use the Actee Company Hub at Actee considering that:

Actee offers an Actee Terms of Subscription considering the EU

law.

Your company does not administrate user nor user data. Your

company can put in own training content and administrate it.

Trainers (internal & external) and participants will register and put

in their data as they like either anonymous or specified with valid (Company or Not-company) email address on their own and their data will deleted when they will delete their registration/user.

SLIDE 2

Actee’s handling of data in a few sentences in relation to GDPR law: Those of our clients employees that plays ActeeChange, ActeeLeadership or ActeeCommunication, or uses any of Actee APS’ other tools for education and up-qualification needs to be logged into our Actee Hub (or a white-label version of this). To login the employee needs to sign-up and use a valid email. To login the employee also needs to select a password on their own, which should be kept private to them. Passwords is handled securely where it is encrypted and will therefore never be visible to Actee APS. It is therefor ONLY the email address that is the account identifier at Actee APS, which we demand and have saved in

ur databases. Which email is used is to us without importance as long it is personal and active.

Actee GDPR and data security slides – Generic version February 2019

SLIDE 3

Optional and Derived data: There is a list of optional personal data that the employee can choose to fill out. These are helpful to fill out to enable us to create better profiles for the attached employees. These are only of ”ordinary personal information” status in accordance to article 6 of GDPR law. Our system do not carry any sensitive personal information. Derived data: When using the Actee hub and tools data is generated and we call this derived data. We use this data to generate profile and data-views that is valuable for the user. This data is also all anonymously pooled for use to comparing for other users. Company clients are able to see the individual derived data of their attached employees inside Actee. Personal and derived data shall never be given to third parties outside Actee APS without the user knowingly accepts

this. In accordance to article 44 of GDPR and our Terms of Use.

Actee GDPR and data security slides – Generic version February 2019

SLIDE 4

Question / Potential issue Answer

Autorization and access control to back-end systems Only employees at Actee APS and their development team in India have access to systems that contain data

n clients employees. All have signed NDA agreements.

Data with personal information Data material in Actee APS’ system is deleted / anonymized so that it can never be linked up to the clients employees again, if they choose to no longer have this data active. For example if they delete their account. Logging of use Actee APS’ database setup at Microsoft Azure logs changes in our database, which contains the few person sensitive data that the Actee system requires. Rights of our users A) Right to deletion (article 17) The signed up user can always ask to get their account deleted with us. This will delete the account

completely. At the same time, derived data will be anonymized for continued use by Actee APS. (This is

accepted in our Terms of Use at sign-up.) All requests for deletion should go to info@actee.com. B) Right to review account data (article 15) The signed up user can always ask to get a digital record of all the data that is associated to that said user. Derived data is included here. All requests regarding users right to review should go to info@actee.com. C) Acceptace of our terms and withdrawal of these Consent to our ”Terms of Use” is given the first time you enter our system upon registration. Users can see their date of consent and review our terms under “Profile” once logged in. Withdrawal of consent to our Terms of Use happen automatically upon request for deletion of the Actee

account. In other words, you can’t have access to Actee without consent is given.

D) Right that we don’t use personal information in automatic

profiling. (article 22)

We don’t use sensitive information for profiling since we don’t have any given by you. We will on the other hand use derived data created by you in our system to send you fitting messages and feedback on your

actions. We only do this upon accepting our terms of use.

SLIDE 5

Data Processors

Hosting: Microsoft Ireland Operations Ltd. Irland/Holland Supplier of software services, Hereby, but not limited to; Microsoft Azure server setup Our Azure cloud servers are placed in the Netherlands. Actee is run on a “Public Cloud” setup. Off-premises, shared resources. Danish adress: Microsoft Denmark ApS Kanalvej 7 2800 Kgs. Lyngby https://www.microsoft.com/en- us/trustcenter/privacy/gdpr/solutions Developers: Sumedha Softech India / by proxy Webvizion Denmark 28, Shiv Karni Marg, Bajri Mandi Road, Vaishali Marg West, Jaipur, Rajasthan 302034 WebVision ApS CVR: 35487174 Fredens Alle 10, 5250 Odense

SLIDE 6

Company Specific Hubs Seperate section to the Actee setup

Cloud Servers by Microsoft Azure – Actee Backbone Actee Generic Front-end Client 2 Hub Client 3 Hub Client 1 Hub Users of Hub